In recent years, website advertisers and publishers have begun adding tracking code from third-party websites in order to better understand who their users are, and further to monetize these insights into their customers. Monetization can take numerous forms, including the placement of display advertisements on a content publisher's own website, or by targeted advertising using data aggregated from a number of websites. This data is normally exchanged and sold by means of the real-time or offline synchronization of anonymized cookie information. The types of code used for this purpose may include web “pixels,” that is, objects embedded in a web page, and JavaScript tags. All such code may generally be referred to as third-party tags.
As the digital advertising industry has grown, so have the number of third-party tags placed on any given site. As a representative example, the television network website cbs.com has at a certain point had at least eleven third-party tags firing on the homepage during a web browser's visit, with many more on other pages within the overall site. Since a website may partner with or terminate its relationships with one or more of these partners over time, the large number of third-party tags from different companies means that keeping each tag up to date has become difficult.
Because of the widespread use of third-party tags, another issue that has arisen is the protection of a website's user data from unauthorized use or malicious activity, which is commonly known as data “leakage.” Even when the online content publisher has a relationship with a third-party tracking company, the publisher may have restrictions on how its user's data can be utilized. Third-party tag requests can be forwarded from third parties to their secondary partners and so on, without a website owner's knowledge or permission, or even the knowledge that such forwarding is taking place. Malicious activity using third-party tags may include extraction of data from a web page; maliciously modifying content of a web page; performing an activity that is intended to harm the end user or the website owner; the presence of a Trojan horse that is automatically and surreptitiously downloaded by visiting the webpage; and the hiding of website re-direct activities in order to avoid the user realizing that the web browser has been redirected to an unsafe or potentially unsafe site.
Consumer web browsers have become extremely complex in order to process and display modern web pages, which may be composed of many independent pieces belong to a number of different parties and hosted at different servers with different IP addresses. Any web browser must be able to handle a request for a single web document and subsequent requests for external resources required by that document. Some resources are programs, such as those written in the webpage scripting language JavaScript, which will run within the context of the web browser and terminate only when the user closes the browser or navigates to a different document. Given this complexity and the resulting difficulty of understanding what occurs as a user browses the web, most users are technically unable to investigate this issue, and simply expect that first party and third party players behave appropriately, with potentially damaging results when that expectation is violated.
Many consumers and businesses wish to take advantage of increasingly accurate metrics, analytics and targeted advertising. The data collected to enable such offerings has in turn become extremely valuable. Due to a lack of industry oversight and comprehensive safeguards, unscrupulous companies may use third-party tags to forward information about a consumer visiting a website without obtaining permission from the client website (such as a content provider) with which they are partnered. Furthermore, malicious entities may want to masquerade as legitimate entities in hopes of harvesting sensitive information about a consumer. Third-party tags may facilitate unsafe or unexpected behavior, which may include the loading of off-site scripts, collection of sensitive data, participation in denial-of-service (DoS) attacks, or making contact with questionable domains for undisclosed tracking of the consumer's online behavior.
Due to the nature of JavaScript in particular, legitimate and malicious third-party tags are difficult to analyze piecemeal, forcing users and the publishers who provide content to these users to choose between security and convenience. To make matters worse, some third-party JavaScript tags will load additional third-party JavaScript tags in a chain of scripted calls, reducing the practicality of human directed analysis significantly. It may be seen that it would be highly desirable to both advertisers and content publishers to have a clear understanding of what actions these third-party tags, such as JavaScript tags and pixel tags, are taking on their websites, in order that they may take appropriate action in order to protect the privacy of their users. Consumers likewise would find this understanding highly desirable in order to safeguard their privacy and to allow them to navigate various web pages without fear that their information is being misused or misdirected.
References mentioned in this background section are not admitted to be prior art with respect to the present invention.